Prisma Cloud Enterprise Edition (SaaS) | Audit | Delete audit logs

Welcome
- Welcome
- Getting started
- Upgrade announcements
- Compute SaaS maintenance updates
- NAT gateway IP addresses
- Product architecture
- Support lifecycle
- Upcoming support lifecycle changes
- Licensing
- Prisma Cloud Enterprise Edition vs Compute Edition
- Utilities and plugins
Install
- Install
- Getting started
- System requirements
- Prisma Cloud container images
- Kubernetes
- OpenShift 4
- OpenShift 3.11
- VMware Tanzu Kubernetes Grid
- Amazon ECS
- Docker Swarm
- Windows
- Defender types
- Install Defender
Upgrade
- Upgrade
- Upgrade process
- Kubernetes
- OpenShift
- Helm charts
- Docker Swarm
- Amazon ECS
- Manually upgrade single Container Defenders
- Manually upgrade Defender DaemonSets
- Manually upgrade Defender DaemonSets (Helm)
- Manually upgrade Swarm Defender global service
Technology overviews
- Technology overviews
- Prisma Cloud Advanced Threat Protection
- App-specific network intelligence
- Container runtimes
- Radar
- Serverless Radar
- Prisma Cloud rules guide for Docker
- Defender architecture
- Telemetry
Configure
- Configure
- Rule ordering and pattern matching
- Disaster recovery
- Custom feeds
- Proxy configuration
- Configure scan intervals
- User certificate validity period
- Enable HTTP access to Console
- Set different paths for Console and Defender (with daemon sets)
- Authenticate to Console with certificates
- Customize terminal output
- Collections
- Tags
Authentication
- Authentication
- Access keys
- Prisma Cloud user roles
- Compute user roles
- Assign roles
- Credentials store
Vulnerability management
- Vulnerability management
- Vulnerability Explorer
- Vulnerability management rules
- Search CVEs
- Scan reports
- Customize image scanning
- Registry scanning
- Configuring registry scans
- VM image scanning
- Code repository scanning
- Malware scanning
- Risk trees
- Detect vulnerabilities in unpackaged software
- CVSS scoring
- Google Cloud Container Builder
- Windows image scanning
- Serverless function scanning
- VMware Tanzu blobstore scanning
Access control
- Access control
- Docker role-based access control
- Admission control
Compliance
- Compliance
- Compliance Explorer
- Manage compliance
- CIS Benchmarks
- Prisma Cloud compliance checks
- Serverless functions
- Windows compliance checks
- Custom compliance checks
- Trusted images
- Host scanning
- VM image scanning
- Detect secrets
- Cloud discovery
Runtime defense
- Runtime defense
- Runtime defense overview
- Runtime defense for processes
- Runtime defense for networking
- Runtime defense for file systems
- Runtime defense for hosts
- Custom runtime rules
- Blocked containers
- Import and export individual rules
- Discrete blocking
- Fargate
- Incident Explorer
- Incident types
Continuous integration
- Continuous integration
- Jenkins plugin
- Jenkins Freestyle project
- Jenkins Maven project
- Jenkins Pipeline project
- Run Jenkins in a container
- Jenkins pipeline on K8S
- CloudBees Core pipeline on K8S
- Set policy in the CI plugins
Web-Application and API Security (WAAS)
- Web-Application and API Security (WAAS)
- Overview
- Deployment
- App Firewall
- API Protection
- DoS Protection
- Bot Protection
- Access Control
- Advanced Settings
- Analytics
Firewalls
- Firewalls
- Cloud Native Network Firewall (CNNF)
Secrets
- Secrets
- Secrets manager
- Integrate with a secrets store
- Secrets stores
- Inject secrets into containers
- Injecting secrets example
Alerts
- Alerts
- Alert mechanism
- AWS Security Hub
- Cortex XSOAR
- Email
- Google Cloud Pub/Sub
- Google Cloud SCC
- IBM Cloud Security Advisor
- JIRA
- PagerDuty
- ServiceNow Security Incident Response
- ServiceNow Vulnerability Response
- Slack
- Webhook
Audit
- Audit
- Event viewer
- Host activity
- Admin activity
- Annotate audits
- Delete audit logs
- Syslog and stdout integration
- Log rotation
- Throttling
- Prometheus
- Kubernetes auditing
Tools
- Tools
- twistcli
- Scan images with twistcli
- Scan IaC files with twistcli
Deployment patterns
- Deployment patterns
- DNS and certificate management
- Caps
- Performance planning
API
- API
- Stability guide
- Access the API
- Automate Defender install
- Manage compliance policies
- 20.12 porting guide
How-to guides
- Howto
- Deploy Defenders External to an OpenShift cluster
- Disable automatic learning
- Review debug logs

1. Overview
2. Delete all access audit events
3. Delete access audit event

1. Overview

Delete audits from the log using the Prisma Cloud API.

2. Delete all access audit events

Deleting audit log entries is done through API calls only.

Path

DELETE /api/v1/audits/access?type=[type]

Description

Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. The possible 'types' for this command are:

docker: Docker access audit
kubernetes: Kubernetes access audit (to Kubernetes master)
swarm: same as Kubernetes but for Docker Swarm
sshd: SSH audit to host
sudo: sudo commands audit on host

Status codes

200 - no error
400 - bad request was provided

Example request

curl -X DELETE  -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access?type=docker'

Example response

{}

3. Delete access audit event

Deleting audit log entries is done through API calls only.

Path

DELETE /api/v1/audits/access/[id]

Description

Deletes an access event with specific id.

Status codes

200 - no error
400 - bad request was provided

Example request

curl -X DELETE -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access/580fd342b8aaba1000ec47be'

Example response

{}

The current set up enables user to delete entries at the access layer for each runtime sensor. To learn more on API calls, see the API reference.